How a Port Misconfiguration Exposed Critical Infrastructure Data (helpnetsecurity.com)
An anonymous reader writes: Attacks hitting companies' electrical systems are possible, especially when information that provides insight into those systems' weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven't yet heard about the most recent discovery made by UpGuard researchers: an open port used for rsync server synchronization has left the network of Power Quality Engineering (PQE) wide open to malicious attackers. They managed to access and exfiltrate 205 GB of data from PQE's servers, up until the moment when the company secured its systems two days later after being notified of the problem.
They set up a server with a service configured to allow connecting on a default port and giving unencrypted/passwordless access to the entire file system.
Yes, this is the definition of "doing it wrong".
Even a minimal attempt to secure the server and service via OS hardening and/or taking the 2 minutes to configure rsync/rsyncd to use ssh as a transport would've prevented this issue. As rsyncd has used ssh by default for a while now, either they deliberately turned off all safeguards, or else they are running a _really_ old version of *nix which they haven't kept updated.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
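As an added example that is not from the article or the comments: a small POSIX shell audit of rsyncd.conf module sections that flags the settings described above (no host restriction, no authentication, the root of the file system exported, and a writable module). Both configs are constructed for illustration; the module name, path, network and user are assumptions, not PQE's.

```shell
# Added audit for rsyncd.conf modules; configs below are constructed samples.
# Constructed: an open, passwordless export of the whole file system.
WEAK_CONF='
[backup]
    path = /
    read only = no
'
# Constructed: the same module with a host allow-list, authentication,
# a narrow path and read-only access (names and network are assumptions).
HARDENED_CONF='
[backup]
    path = /srv/backup
    read only = yes
    hosts allow = 10.0.0.0/8
    auth users = backup
    secrets file = /etc/rsyncd.secrets
'
# audit_rsyncd_conf CONF_TEXT: prints one finding per line.
# Absent "hosts allow" means every client may connect; absent "auth users"
# means anonymous access, which is how the rsync daemon behaves by default.
audit_rsyncd_conf() {
    printf '%s\n' "$1" | awk '
    function report() {
        if (module == "") return
        if (!("hosts allow" in seen)) print module ": no hosts allow, any client may connect"
        if (!("auth users" in seen))  print module ": no auth users, anonymous access"
        if (seen["path"] == "/")      print module ": exports the whole file system"
        if (seen["read only"] == "no") print module ": writable by clients"
    }
    /^[ \t]*\[/ {                        # start of a new [module] section
        report()
        module = $0; gsub(/[^a-zA-Z0-9_-]/, "", module)
        split("", seen)                  # portable way to empty the array
        next
    }
    /^[ \t]*[a-z ]+[ \t]*=/ {            # "key = value" line inside a module
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        seen[key] = val
    }
    END { report() }'
}
# count_findings CONF_TEXT: number of findings; 0 means the checks pass.
count_findings() {
    audit_rsyncd_conf "$1" | awk 'END { print NR }'
}
audit_rsyncd_conf "$WEAK_CONF"
```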
At the risk of replying to myself, I just went and looked and rsync has had ssh as the default config for 13 years now...